★ * OFFICE of ★ * 

INSPECTOR GENERAL 



U.S. DEPARTMENT OF 
HOUSING AND URBAN DEVELOPMENT 
OFFICE OF INSPECTOR GENERAL 


M - 5 2019 


Emma Best 

News Reporter 

MuckRock News 

Dept MR 74293 

411A Highland Avenue 

Somerville, MD 02144-2516 

RE: Your Freedom of Information Act (FOLA) Request 
FOIA Control No.: 19-IGF-OIG-00053 


Dear Ms. Best: 

This responds to your e-mail Freedom of Information Act (FOIA) request dated 
June 5, 2019, to the U.S. Department of Housing and Urban Development (HUD), Office of 
Inspector General (OIG). Your request was received in this office on June 5, 2019. 

You requested “ copies of records mentioning or describing audits, reviews, investigations 
or reports regarding the agency ’s cyber security, including audits or investigations regarding 
the state of the agency’s cyber security regarding potential attacks as well as audits and 
investigations conducted in the wake of a suspected or actual cyber attack.” You also requested 
“materials generated between 1 January 1996 and 30 June 2016.” 

Enclosed are 4 pages of list responsive to your request. We have found reports on our 
website and is available free of charge. We are providing you with a link to this information at: 
https://www.hudoig.gov/search7search api fulltext=FISMA+reports . This request constitutes a 
full grant of your request. 

For future reference, access to OIG reports can be obtained by accessing the HUD-OIG 
website at: http://www.hudoig.gov/library/audits-evaluations . If this data is not totally 
responsive to your request, we ask that you submit another FOIA request specifically detailing 
what additional information you want released. 

Please be advised that Kim Randall, Acting Assistant Inspector General for Audit is the 
official responsible for this response. 


Office of Legal Counsel 

451 7 th Street SW, Room 8186, Washington, DC 20410 
Phone (202) 708-1613, Fax (202) 401-3778 
Visit the Office of Inspector General Website at vnw. hudoig. gov 








Emma Best 

FOIA Tracking No.: 19-IGF-OIG-00053 


2 


If you are not satisfied with the response to this request, you may administratively submit an 
appeal pursuant to the Office of Inspector General’s Freedom of Information Regulation, 24 CFR 
§ 2002.23 (2018). This regulation provides for administrative review by the Inspector General of 
any denial of information. Your appeal must be postmarked or electronically transmitted within 
90 days of the date of the response to your request. Both the letter and the envelope should be 
clearly marked “Freedom of Information Act Appeal.” Your appeal should be addressed to the 
FOIA Appeal Specialist, Office of Legal Counsel to Inspector General, U.S. Department of 
Housing and Urban Development, 451 7 th Street, SW, Suite 8186, Washington, DC 20410, and 
should be accompanied by a copy of your initial request, a copy of this letter and your statement 
of circumstances, reasons and arguments supporting disclosure of the requested information. 

Additionally, you may contact the Office of Government Information Services (OGIS) at the 
National Archives and Records Administration to inquire about the FOIA mediation services 
they offer. The contact information for OGIS is as follows: 

Office of Government Information Services, 

National Archives and Records Administration, 

8601 Adelphi Road-OGIS, 

College Park, Maryland 20740-6001 
E-mail: ogis@nara.gov : 

Telephone: (202) 741-5770; 

Toll free: 1-877-684-6448, or 
Facsimile: (202)741-5769. 

* 

I trust that this information satisfies your request. If you need any further assistance or 
would like to discuss any aspect of your request please do not hesitate to contact our FOIA 
Requester Service Center at (202) 708-1613. Please reference the above FOIA number when 
making inquiries about this matter. 


Sincerely, 

/s/ 

Government Information Specialist (FOIA/PA) 


Enclosure 



Report Number 

Report Title 

Date Issued 

Published 

(Y/N) 

Program 

Area/Auditee 

Includes OMB 

Questions Table 

(Y/N) 

2001-DP-0802 

Annual Evaluation of 
HUD's Security 
Program and Practices 

9/6/2001 

Unknown 

GISRA 

Unknown 

2003-DP-0801 

Annual Evaluation of 

HUD’s Information 
Security Program 

10/30/2002 

Unknown 

GISRA 

N 

2003-DP-0803 

Annua! Evaluation of 
HUD's Information 
Security Program 

9/22/2003 : 

Unknown 

FISMA 

Y 

2006-DP-0004 

Review of HUD’s 
Information Security 
Program 

2/14/2006 

Unknown 

FISMA 

N 













Report Number 

Report Title 

Date Issued 

Published 

{V/N} 

Program 
Area/Auditee ; 

| Includes OMB , 
Questions Table 
(Y/N) 

2007-DP-0801 

OiG Response to 
Questions from the 

Office of 

Management and 
Budget Under the 
Federal Information 
Security Management 
Ad of 2002 

9/28/2007 

Unknown 

FISMA 

Y 

2008-DP-0005 

Review of Controls 
over the Removal of 

Local and Remote 

User Access 

7/21/2008 

N 

. Potential Breach 

N/A 

2008-DP-0006 

Review of HUD's 
Information 

Technology Security 
Program 

7/23/2008 

N 

FISMA 

N 















Report Number 

Report Title 

>Date Issued 

Published 

(Y/N) 

Program 

Area/Auditee 

Includes OMB 

Questions Table 
fV/N) 

2008-DP-0802 

OIG Response to 
Questions from the 
Office of 

Management and 
Budget under the ' 

Federal Information 
Security Management 
Act of 2002 

9/30/2QOS 

N 

FISMA 

Y 

2010-DP-0802 

DIG Response to 
Questions From the 
Office of 

Management and 
Budget Under the 
Federal Information 
Security Management 
Act of 2002 

11/18/2009 

N 

FISMA 

Y 










Report Number 

Report Title 

Date issued 

Published 

(Y/N) 

Program 

Area/Auditee 

Includes OMB 

Questions Table 
(Y/N) 

2011-DP-0005 

Although HUD 
Continued to Make 
Improvements to Its 
Entity Wide Security 
Program, Challenges 
Remained in Its 

Efforts to Comply with 
Federal Security 
Requirements 

2/10/2011 

N 

FISMA 

Y 

2012-D P-0003 

Enterprisewide 
Improvements are 
Needed in HUD's 
Computer Security 
Environment 

3/23/2012 

N 

FISMA 

Y 


GISRA/FISMA/Breach 

Reports and 11 

Memorandums Issued 
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HUD Fiscal Year 2018 Federal Information Security Modernization Act of 2014 ( FISMA ) Evaluation Report 

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency 
information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National 
Institute of Standards and Technology (NIST) establish information technology (IT) security gui 

October 31,2018 Report #2018-OE-0003 

HUD Fiscal Year 2017 Federal Information Security Modernization Act Of 2014 ( FISMA ) Evaluation Report 

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency 
information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National 
Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. 

October 31,2017 Report #2017-OE-0007 

Federal Information Security Modernization Act ( FISMA ) Fiscal Year 2016 Evaluation Report 

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency 
information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National 
Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. 

November 09,2016 Report #2016-OE-0006 

Federal Information Security Modernization Act ( FISMA ) Fiscal Year 2015 Evaluation Report 

The Federal Information Security Modernization Act of 2014 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual 
evaluation of the U.S. 

November 19,2015 Report #2015-OE-OOOI 

Federal Information Security Mana g ement Act ( FISMA ) Fiscal Year 2014 Evaluation Report 

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual 
evaluation of the U.S. 

November 13,2014 Report #2014-OE-0003 

Federal Information Security Mana g ement Act ( FISMA ) Fiscal Year 2013 Evaluation Report 

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual 
evaluation of the U.S. 

November 28,2013 Report #2013-OE-0001 

FY 2010 FISMA 

We have completed an audit of the U.S. Department of Housing and Urban Development's (HUD) information security program. We evaluated 
whether HUD's Office of the Chief Information Officer (OCIO) had developed security policies, implemented procedures, and continuously 
monitored its entitywide information system security program. 

February 09, 2011 Report #2011-DP-0005 

https://www.hudoig.gov/search7search_api jyitext=FISMA&fieldjdateJssuedjdate%5Bmin%5D=&fieldjdateJssuedjdate%5Bmax%5D= 
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